With Jumpshot shuttered, where will SEOs get their ‘zero-click’ fix now? –

by

Made famous among SEOs by Rand Fishkin’s zero-click posts and presentations, analytics firm Jumpshot is being shut down by its corporate parent Avast. Avast CEO Ondrej Vlcek said in a blog post that the subsidiary’s operations would be immediately terminated, following critical articles about Jumpshot’s data-collection and sales practices,

Jumpshot data from Avast installations. Jumpshot analytics were based, in part, on Avast data. Avast, which offers anti-virus protection and other services, first invested in Jumpshot in 2015. At that time, Jumpshot claimed a panel of more than 107 million consumers worldwide generating more than 150 billion clicks per month. Avast says its software is installed on roughly 435 million active devices. Jumpshot promised marketers the ability to “understand consumers’ entire path-to-purchase online.” The company’s customers included Unilever, Microsoft, IBM, Google, Yelp, Condé Nast and TripAdvisor.

Articles from Vice, PC Mag and Motherboard claimed that Avast and Jumpshot were “secretly harvesting” users’ browsing behavior, packaging it and reselling without their full knowledge. The company has always said the data is aggregated and anonymized, but the PC Mag article asserted it could “be linked back to people’s real identities, exposing every click and search they’ve made.”

Defending Jumpshot’s methodology. SparkToro founder Rand Fishkin, who regularly used Jumpshot data in his widely circulated Google search-click analysis, defended the company on Twitter and faulted the publications for what he said was incomplete and biased reporting.

Fiskin said, “A) The tool does protect [users]. Avast is high quality, free AV software. B) their contributions to anonymous, aggregated web data creates a good business, but also does a huge amount of public good. Congress has even cited JS data to hold the tech giants to account for their lies.” He added, “And when you install Avast, they tell you this and ask and then they asked again via email. It’s like calling out the organic grocery store for carrying GMO products, i.e. Creating fear and doubt for no particularly good reason other than clickbait & outrage-bait.”

Jumpshot’s methodology isn’t that different from other companies aggregating and reselling user-behavior data. The central question is: did Avast’s users understand they were opting-in to the company’s “panel”? Fishkin asserts Jumpshot used a double opt-in process and that the data is sufficiently anonymized to prevent user identification.

Protecting the core business from fallout. Avast CEO Ondrej Vlcek says in his post that closing down Jumpshot “is absolutely the right thing to do” and adds, “I firmly believe it will help Avast focus on and unlock its full potential to deliver on its promise of security and privacy. And I especially thank our users, whose recent feedback accelerated our decision to take quick action.”

In all likelihood, Avast took the action to protect its core business, as multiple articles, including from Consumer Reports, called out the company for its data collection practices, while some called for the uninstallation of the Avast software. This is probably as much PR damage control as it is driven by any principled position.

Why we care. SEO and digital marketing consultant Joe Youngblood raised a question that must now be on many marketer’s minds: how deeply integrated is Jumpshot data into SEO tools that many rely on? (There are a number of research tools that utilize it apparently.) More broadly, the Jumpshot controversy raises larger issues around data collection and analytics tools that the industry uses on a daily basis.

The PR fallout and damage control were immediate in this case. Other data tools that similarly rely upon “anonymized” user data, collected with ambiguous consent, are now potentially vulnerable. All companies that are collecting and reselling aggregated data will need to be extra careful about disclosures and user opt-ins. With regulatory initiatives such as GDPR and CCPA, consent by default, buried in terms and conditions, is no longer going to fly as a practical matter — even if it still is technically legal.